diff --git a/common/amount.c b/common/amount.c
index 74fa2252c..ce38eaa53 100644
--- a/common/amount.c
+++ b/common/amount.c
@@ -375,9 +375,12 @@ void amount_msat_from_u64(struct amount_msat *msat, u64 millisatoshis)
 msat->millisatoshis = millisatoshis;
 }
 
-void amount_msat_from_sat_u64(struct amount_msat *msat, u64 satoshis)
+WARN_UNUSED_RESULT bool amount_msat_from_sat_u64(struct amount_msat *msat, u64 satoshis)
 {
- msat->millisatoshis = satoshis * 1000;
+ if (mul_overflows_u64(satoshis, MSAT_PER_SAT))
+ return false;
+ msat->millisatoshis = satoshis * MSAT_PER_SAT;
+ return true;
 }
 
 bool amount_msat_fee(struct amount_msat *fee,
diff --git a/common/amount.h b/common/amount.h
index 26602312b..b05b16146 100644
--- a/common/amount.h
+++ b/common/amount.h
@@ -104,7 +104,7 @@ WARN_UNUSED_RESULT bool amount_msat_to_u32(struct amount_msat msat,
 
 /* Programatically initialize from various types */
 void amount_msat_from_u64(struct amount_msat *msat, u64 millisatoshis);
-void amount_msat_from_sat_u64(struct amount_msat *msat, u64 satoshis);
+WARN_UNUSED_RESULT bool amount_msat_from_sat_u64(struct amount_msat *msat, u64 satoshis);
 
 /* Common operation: what is the HTLC fee for given feerate? Can overflow! */
 WARN_UNUSED_RESULT bool amount_msat_fee(struct amount_msat *fee,
diff --git a/lightningd/opening_control.c b/lightningd/opening_control.c
index 0c0112b5e..beef58780 100644
--- a/lightningd/opening_control.c
+++ b/lightningd/opening_control.c
@@ -664,8 +664,9 @@ static void channel_config(struct lightningd *ld,
 *max_to_self_delay = ld->config.locktime_max;
 
 /* Take minimal effective capacity from config min_capacity_sat */
- amount_msat_from_sat_u64(min_effective_htlc_capacity,
- ld->config.min_capacity_sat);
+ if (!amount_msat_from_sat_u64(min_effective_htlc_capacity,
+ ld->config.min_capacity_sat))
+ fatal("amount_msat overflow for config.min_capacity_sat");
 
 /* BOLT #2:
 *
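Review bot: The new failure path of amount_msat_from_sat_u64 in common/amount.c is undocumented: on overflow it returns false before writing `msat->millisatoshis`, so the output keeps whatever value it held before the call. I would state that above the definition, e.g. `/* Returns false, leaving *msat untouched, if satoshis * MSAT_PER_SAT overflows u64. */`. The declaration in common/amount.h has the same gap; it still sits under the plain "Programatically initialize from various types" comment, while its neighbour amount_msat_fee is marked `Can overflow!`, and the same marking would fit here. Only one caller is updated in this diff; any others would presumably be flagged by WARN_UNUSED_RESULT at build time.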
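Review bot: An out-of-range `ld->config.min_capacity_sat` is only detected inside channel_config in lightningd/opening_control.c, so the daemon stops through fatal() whenever this function runs rather than when the option is read. The callers of channel_config are outside the hunk, but the file name suggests it runs during channel opening, which would put the shutdown at a moment the operator does not choose. Validating the value where the option is parsed would reject it at startup, and this check could stay as a backstop. The message would also be easier to act on if it carried the value, e.g. `fatal("amount_msat overflow for config.min_capacity_sat=%"PRIu64, ld->config.min_capacity_sat);`, assuming fatal() takes a printf-style format and the field is a u64.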